Skip to main content
  1. ctf-writeups/

Safaricom PwnZone CTF 2025

·2 mins
Table of Contents
challenge banner

Challenge: BMI #

Category: Cryptography

Difficulty: Medium

File provided: note.txt

Flag: saf_ctf{2768c3d1-1aef-4455-b1a0-eb6f3ab9ddf1}

Description #

A file named note.txt appears to contain unreadable or “garbage” bytes. Recover any hidden message or flag.

file output

Key observation #

file note.txt reports:

note.txt: Non-ISO extended-ASCII text, with NEL line terminators
  • “Non-ISO extended-ASCII” indicates the bytes do not match ASCII/UTF-8 and are likely using a different single-byte character set.
  • “NEL line terminators” (Next Line, byte 0x15) is a strong signature of EBCDIC - a legacy IBM mainframe encoding - rather than ASCII-style newlines (0x0A).

Taken together, this strongly suggests the file contains plain English text encoded in an EBCDIC code page.

Reproducible steps #

  1. Inspect raw bytes
xxd -l 128 note.txt
hexdump -C -n 128 note.txt
strings -n 4 note.txt | head

Look for many bytes outside ASCII printable range (e.g. clustering around 0x40..0xA5) and absence of readable ASCII strings.

  1. Convert EBCDIC → UTF-8 (IBM037 / CP037)

The common U.S. EBCDIC mapping is IBM037 (CP037). Convert with iconv:

iconv -f CP037 -t UTF-8 note.txt > decoded.txt
cat decoded.txt

If CP037 doesn’t look right, try other EBCDIC variants (CP500, IBM273, IBM1047):

for cp in CP037 CP500 IBM273 IBM1047; do
  echo "=== $cp ==="
  iconv -f $cp -t UTF-8 note.txt | sed -n '1,40p'
  echo
done
file output
  1. Extract the flag

Search the converted output for typical flag patterns:

grep -Eo 'saf_ctf\{[^}]+\}' decoded.txt
# => saf_ctf{2768c3d1-1aef-4455-b1a0-eb6f3ab9ddf1}

Decoded content #

Meeting notes - internal draft
Ensure all secrets are not leaked to our competitor.
Please review and confirm the ID below.
Reference code: saf_ctf{2768c3d1-1aef-4455-b1a0-eb6f3ab9ddf1}
Security awareness is paramount to us.
End of message.

Decoding with CyberChef #

Cyberchef output

Conclusion #

  • EBCDIC is a different single-byte character set where printable characters map to different byte values than ASCII. When EBCDIC-encoded text is interpreted as ASCII/UTF-8 it looks like binary garbage; converting from the correct EBCDIC code page restores readable text.